<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<div th:replace="~{common/common::head}"></div>

<body>
<div class="layuimini-container">
    <div class="layuimini-main">
        <div class="layui-row layui-col-space15">
            <div class="layui-col-md12">
                <fieldset class="layui-elem-field layui-field-title">
                    <legend>
                        <a style="color: rgb(30 159 255)" class="fastjson">组件漏洞 - Fastjon反序列化</a>
                    </legend>
                    <blockquote class="layui-elem-quote layui-quote-nm"
                                style="font-size: 15px;background-color: #a7deefab;box-shadow: 0 .125rem .25rem rgba(0, 0, 0, .075) !important">
                        <p>
                        <pre>  Fastjson是阿里巴巴开源JSON解析库，用于将Java对象与JSON数据之间进行快速转换。在版本[1.2.22,1.2.83]之间Fastjson存在多个反序列化漏洞</pre>
                        <pre>  Fastjson在对JSON字符串进行反序列化的时候，会读取@type的内容，试图把JSON内容反序列化成这个对象，并且会调用这个类的set方法，攻击者利用这个特征，构造一个JSON字符串，并且使用@type反序列化一个自己想要的攻击类库</pre>
                        </p>
                    </blockquote>
                </fieldset>
            </div>
            <div class="layui-col-md12" style="margin-top: 10px">
                <div class="layui-row layui-col-space15">
                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-bug"> 漏洞环境</span></h1>
                        <div class="layui-tab layui-tab-brief">
                            <div class="layui-tab-content">
                                <div class="layui-tab-item layui-show">
                                    <blockquote class="layui-elem-quote main_btn">
                                        <form class="layui-form" id="vul-form"
                                              style="display: flex; justify-content: space-between;">
                                            <input type="text" style="width: 450px;"
                                                   value='{"test":{"@type":"java.net.Inet4Address","val":"dnslog.com"}}'
                                                   autocomplete="off"
                                                   class="layui-input" id="vul-input">
                                            <div style="display: flex; align-items: center;">
                                                <button class="layui-btn layui-btn-normal"
                                                        style="width: 100px; margin-left: 10px;"
                                                        lay-filter="vul-fastjson-submit" lay-submit="">
                                                    <span class="iconfont icon-zhihang">Run</span>
                                                </button>
                                            </div>
                                        </form>
                                    </blockquote>
                                </div>

                                <div class="layui-col-md12">
                                    <div class="layui-card">
                                        <div class="layui-card-header"><i class="fa fa-bullhorn icon-tip"></i>tips</div>
                                        <div class="layui-card-body layui-text layadmin-text">
                                            <pre style="color: #28333e;font-size: 15px;">   这里通过DNS盲打来检测应用是否存在Fastjson反序列化漏洞(不代表漏洞可以被利用)。具体利用通常需要借助RMI、JNDI等协议，攻击者通过这些协议可以进一步触发远程代码执行等攻击行为</pre>
                                        </div>
                                    </div>
                                </div>

                                <div class="layui-col-md12">
                                    <div class="layui-card">
                                        <div class="layui-card-header"><i class="fa fa-warning icon-output"></i>测试结果
                                        </div>
                                        <div class="layui-card-body layui-text layadmin-text">
                                            <pre id="vul-fastjson" style="color: red;font-size: 15px;"></pre>
                                        </div>
                                    </div>
                                </div>

                            </div>
                        </div>
                    </div>

                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-code"> 缺陷代码</span></h1>
                        <div class="m-auto div-shadow shadow p-3 mb-5 bg-white rounded">
                            <div class="code-editor" id="vulFastjson"></div>
                        </div>
                    </div>
                </div>
            </div>
            <div class="layui-col-md12" style="margin-top: 10px">
                <div class="layui-row layui-col-space15">
                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-anquan"> 安全环境</span></h1>
                        <div class="layui-tab layui-tab-brief">
                            <div class="layui-tab-content">
                                <div class="layui-tab-item layui-show">
                                    <blockquote class="layui-elem-quote main_btn">
                                        <form class="layui-form" id="safe-fastjson-form"
                                              style="display: flex; justify-content: space-between;">
                                            <input type="text" style="width: 450px;"
                                                   value='{"test":{"@type":"java.net.Inet4Address","val":"dnslog.com"}}'
                                                   autocomplete="off"
                                                   class="layui-input" id="safe-fastjson-input">
                                            <div style="display: flex; align-items: center;">
                                                <button class="layui-btn layui-btn-normal"
                                                        style="width: 100px; margin-left: 10px;"
                                                        lay-filter="safe-fastjson-submit" lay-submit="">
                                                    <span class="iconfont icon-zhihang">Run</span>
                                                </button>
                                            </div>
                                        </form>
                                    </blockquote>
                                </div>

                                <div class="layui-col-md12">
                                    <div class="layui-card">
                                        <div class="layui-card-header"><i class="fa fa-bullhorn icon-tip"></i>tips</div>
                                        <div class="layui-card-body layui-text layadmin-text">
                                            <pre style="color: #28333e;font-size: 15px;">安全编码规范:
    1、升级版本至1.2.83及以上
    2、禁用AutoType或者是设置特定类白名单进行反序列化
    3、使用SafeMode模式
    4、使用@JSONType注解限制类的反序列化</pre>
                                        </div>
                                    </div>
                                </div>

                                <div class="layui-col-md12">
                                    <div class="layui-card">
                                        <div class="layui-card-header"><i class="fa fa-warning icon-output-safe"></i>测试结果
                                        </div>
                                        <div class="layui-card-body layui-text layadmin-text">
                                            <pre id="safe-fastjson" style="color: red;font-size: 15px;"></pre>
                                        </div>
                                    </div>
                                </div>

                            </div>
                        </div>
                    </div>

                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-code"> 安全代码</span></h1>
                        <div class="m-auto div-shadow shadow p-3 mb-5 bg-white rounded">
                            <div class="code-editor" id="safeFastjson"></div>
                        </div>
                    </div>
                </div>
            </div>

        </div>
    </div>
</div>
</div>

<div th:replace="~{common/common::script}"></div>
<script type="text/javascript">
    document.addEventListener("DOMContentLoaded", function () {

        layui.use(['layer', 'miniTab', 'common', 'form'], function () {
            var $ = layui.jquery,
                layer = layui.layer,
                miniTab = layui.miniTab,
                common = layui.common,
                form = layui.form;

            miniTab.listen();
            layer.msg("组件漏洞 - Fastjson反序列化");

            var cmConfig = {
                lineNumbers: true,
                lineWrapping: false,
                indentUnit: 4,
                indentWithTabs: true,
                theme: 'juejin',
                styleActiveLine: {nonEmpty: true},
                fontSize: "18px",
                mode: "text/x-java"
            };

            var cmConfigSafe = {
                lineNumbers: true,
                lineWrapping: false,
                indentUnit: 4,
                indentWithTabs: true,
                theme: 'juejinsafe',
                styleActiveLine: {nonEmpty: true},
                fontSize: "18px",
                mode: "text/x-java"
            };

            CodeMirror(document.getElementById("vulFastjson"), Object.assign({}, cmConfig, {
                value: vulFastjson
            }));
            CodeMirror(document.getElementById("safeFastjson"), Object.assign({}, cmConfigSafe, {
                value: safeFastjson
            }));

            // 表单提交的通用函数
            function handleFormSubmit(url, inputSelector, outputSelector) {
                var content = $(inputSelector).val();
                if (content.length === 0) {
                    layer.msg("输入内容不能为空！");
                    return false; // 阻止表单提交
                }

                $.ajax({
                    url: url,
                    type: "POST",
                    contentType: "application/json",
                    data: content, // 直接发送输入的内容
                    success: function (result) {
                        console.log(result)
                        $(outputSelector).empty();
                        $(outputSelector).append(result);
                    },
                    error: function () {
                        layer.alert("请求发送失败！");
                    },
                });

                return false; // 阻止表单默认提交行为
            }

            form.on('submit(vul-fastjson-submit)', function (data) {
                return handleFormSubmit("[[@{/fastjson/vul}]]", "#vul-input", "#vul-fastjson");
            });

            form.on('submit(safe-fastjson-submit)', function (data) {
                return handleFormSubmit("[[@{/fastjson/safe}]]", "#safe-fastjson-input", "#safe-fastjson");
            });

        });

        $('.fastjson').hover(function () {
            $(this).css('cursor', 'pointer');
            layer.tips('攻击流程图', this, {
                tips: [1, '#0051ff'],
                time: 2000
            });
        });

        $('.fastjson').on('click', function () {
            layer.open({
                type: 1,
                title: false,
                closeBtn: 1,
                area: ['1116px', '572px'], // 宽高可以根据需要调整
                shadeClose: true,
                content: '<div style="text-align: center;"><img src="/static/images/vul/components/fastjson.png" style="width: 100%; height: 50%;"></div>'
            });
        });

    });
</script>

</body>
</html>
